๐ Legal
Privacy Policy
Last Updated: April 24, 2026 ยท Effective: April 24, 2026
This Privacy Policy applies to WAPLO (waplo.io), operated by S.U Enterprises, Ludhiana, Punjab, India. By using WAPLO, you agree to the collection and use of information as described below.
1. Who We Are
WAPLO is a WhatsApp Business Automation SaaS platform operated by S.U Enterprises, Ludhiana, Punjab, India. Email: support@waplo.io
We serve SMBs across 18+ industries globally including restaurants, salons, clinics, accounting firms, gyms, hotels, real estate, legal firms, retail, e-commerce, coaching, travel agencies, pharmacies, pet clinics, auto garages, home services, schools, and more.
2. Data We Collect
Account & Business Data
- Name, email, phone number, business name, industry, city, country
- WhatsApp Business Account credentials (Phone Number ID, Access Token โ encrypted)
- Password (bcrypt hashed โ never stored as plain text)
- Profile photo (if using Google or Facebook OAuth login)
- Subscription plan and billing history
Usage Data
- IP address, browser type, device information
- Pages visited, features used, session duration
- Login timestamps, error logs
WhatsApp Message Data
- Messages sent and received through your WhatsApp Business number
- Customer phone numbers, names, and conversation history
- Media files (images, documents, audio) sent through WhatsApp
- Message timestamps and delivery status
Customer Data (Your Customers)
- Your customers' phone numbers, names, and messages
- Order history, appointments, documents shared by your customers
- This data belongs to you โ we process it as your data processor
3. How We Use Your Data
- Provide and operate the WAPLO platform and all its features
- Send WhatsApp messages on your behalf to your customers
- Generate AI-powered replies using OpenAI
- Save documents to Google Drive and log data to Google Sheets (if connected)
- Sync appointments with Google Calendar (if connected)
- Process subscription payments via Razorpay, Stripe, or Paddle
- Send platform notifications, invoices, and support messages
- Analyze usage patterns to improve the platform
- Prevent fraud and ensure security
- Comply with legal obligations
4. WhatsApp & Meta Data
WAPLO uses the official Meta WhatsApp Business Cloud API.
- Messages pass through Meta's servers (end-to-end encrypted in transit)
- WAPLO stores message content in our database for Team Inbox, analytics, and AI features
- WhatsApp tokens are encrypted with AES-256 before storage
- We comply with Meta's Platform Terms, WhatsApp Business Policy, and Messaging Policy
- We do NOT sell WhatsApp message data to any third party
โ ๏ธ You are responsible for obtaining proper consent from your customers before messaging them. Meta requires opt-in consent for marketing messages. Use WAPLO's opt-in tools to collect and manage consent.
5. AI & OpenAI Processing
WAPLO uses OpenAI's GPT-4o-mini API to power AI reply features:
- Customer messages may be sent to OpenAI's API to generate automated replies
- OpenAI processes this data per their Privacy Policy
- API usage does not train OpenAI's public models (per OpenAI API terms)
- You can disable AI replies in your dashboard at any time
- Do not route highly sensitive data (medical records, financial account numbers) through AI replies
6. Google Services Integration
If you connect Google Workspace to WAPLO:
- Google Drive: WAPLO creates client folders and saves documents your customers send (e.g., accountants collecting tax documents). All files stored in YOUR Google Drive account.
- Google Sheets: WAPLO logs orders, appointments, revenue, and documents to spreadsheets in your account.
- Google Calendar: WAPLO creates and reads appointments in your calendar.
- You grant access via Google OAuth โ revoke anytime from Google Account Settings.
- WAPLO accesses only the files/folders it creates, not your entire Google account.
- Google processes data per their Privacy Policy.
7. Instagram & Facebook
WAPLO currently supports WhatsApp. Instagram DM and Facebook Messenger automation are planned. When launched:
- Instagram and Facebook messages will be handled similarly to WhatsApp
- You'll connect via Meta Business OAuth
- Same data protection standards apply
- This policy will be updated at launch
8. Payment Processing
9. Data Sharing
We never sell your data. We share only with:
- Meta: WhatsApp API for messaging
- OpenAI: AI reply generation (message content)
- Google: Drive, Sheets, Calendar (if connected)
- Razorpay / Stripe / Paddle: Payment processing
- Hostinger: Server infrastructure (data at rest)
- Law enforcement: Only with valid legal process
10. Data Storage & Security
- Servers: Hostinger, India (LiteSpeed)
- Database: MySQL with encrypted sensitive fields
- Passwords: bcrypt hash
- WhatsApp tokens: AES-256 encrypted
- HTTPS enforced everywhere
- API rate limiting (60 req/min per IP)
- Login lockout after 5 failed attempts (30 min block)
- Daily automated backups
- Admin panel access restricted to secret URL
11. GDPR โ European Union
๐ช๐บ For users in the European Union
Your rights under GDPR:
- Access your personal data
- Rectify inaccurate data
- Erasure ("right to be forgotten")
- Data portability
- Object to processing
- Restrict processing
Lawful basis: Contract performance, Legitimate interest (security/fraud), and Consent (marketing). Contact: privacy@waplo.io
12. CASL โ Canada
๐จ๐ฆ For users in Canada
- We only send commercial messages to recipients with express or implied consent
- Every message includes a clear unsubscribe mechanism
- Unsubscribes processed within 10 business days
- You must ensure your customers have provided CASL-compliant consent
- WAPLO provides opt-in tools to collect and record consent
- French (Quebec) language support available for AI communications
13. DPDP Act โ India
๐ฎ๐ณ For users in India โ Digital Personal Data Protection Act, 2023
- We collect only data necessary to provide our services (data minimization)
- Data processed with your consent
- Rights: Access, Correction, Erasure, Grievance redressal, Nominate a representative
- Withdraw consent anytime: support@waplo.io
- Reasonable security safeguards implemented
- Data breach notification as required by law
- Grievance officer: support@waplo.io (response within 30 days)
14. Cookies
- Essential: Login sessions, security tokens (cannot be disabled)
- Analytics: Platform usage patterns (can be disabled)
- Preferences: UI settings, language
Manage cookies via your browser settings. Disabling essential cookies will affect login functionality.
15. Data Retention
- Active accounts: Data retained while subscription is active
- Cancelled accounts: Deleted within 30 days
- WhatsApp messages: 12 months for Team Inbox history
- Payment records: 7 years (statutory requirement)
- Backup data: 30 days then purged
- Early deletion: Email privacy@waplo.io
16. Your Rights
Regardless of location, you can:
- Access, correct, or delete your personal data
- Export your data in a portable format
- Opt out of marketing communications
- Withdraw consent for optional processing
Email: privacy@waplo.io โ Response within 30 days.
17. Children's Privacy
WAPLO is for businesses only โ not intended for users under 18. We do not knowingly collect data from children. Contact privacy@waplo.io if you believe a child has submitted data.
18. Changes to This Policy
We update this policy when we add features (Instagram, Facebook, new payment gateways, Google integrations, etc.). Significant changes notified via email, dashboard notification, and/or WhatsApp.
Privacy: privacy@waplo.io
Support: support@waplo.io
Address: S.U Enterprises, Ludhiana, Punjab, India
Response: Privacy requests within 30 days ยท Support within 24-48 hours